Reputation: 827
I'm new to Pusher. I'm using Laravel as my backend. There is a queue job running on the backend, when the user uploads a few photos. What I want to do is to fire an event, that just broadcasts the image objects to pusher and then I receive them via JavaScript on the front end and the user gets a notification real-time, saying that all the photos have been uploaded.
At the moment, the channel is created dynamically, based on the user ID and it looks like this: user-12-channel, 12 being the user id.
This all works fine, but I'm a bit concerned about the privacy. Someone could easily subscribe to that channel, right?
For example, in my console, when I type pusher.channels (pusher being an instance of Pusher object), it lists the channels there. What is the workaround to this?
I was looking into the pusher security, and set up a route /pusher/auth, which sends back the token, but I don't understand what that is even supposed to do. From that route, if I send back some dummy text, it still works.
Upvotes: 1
Views: 1872
Reputation: 66
The authorization endpoint is only invoked for private (and by extension, presence) channels. If you want to control access to a channel, it should be named e.g. private-user-12-channel. Then the client will hit your auth endpoint for a token before subscribing, and they will only be able to subscribe if you return them a token signed with your secret.
https://pusher.com/docs/client_api_guide/client_private_channels
Upvotes: 1
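What the auth endpoint has to do for the private-user-12-channel naming in the answer above, as an added example that is not part of the original answer or of Pusher's own code. It assumes the logged-in user's id comes from your session; `pusherAuth`, `APP_KEY` and `APP_SECRET` are hypothetical names and placeholder values. The token is the app key followed by an HMAC-SHA256 of `socket_id:channel_name` keyed with the app secret.

```php
<?php
// Added example; APP_KEY / APP_SECRET are placeholders, not real credentials.
const APP_KEY = 'app-key-placeholder';
const APP_SECRET = 'app-secret-placeholder';

/**
 * Decide whether $userId may join $channel and, if so, build the auth
 * response body. Returns [httpStatus, body]. Hypothetical helper.
 */
function pusherAuth(int $userId, string $socketId, string $channel): array
{
    // socket_id is client-supplied; accept only the "digits.digits" form.
    if (!preg_match('/\A\d+\.\d+\z/', $socketId)) {
        return [400, 'Invalid socket_id'];
    }
    // Only the private-user-{id}-channel naming from the answer is handled.
    if (!preg_match('/\Aprivate-user-(\d+)-channel\z/', $channel, $m)) {
        return [403, 'Forbidden'];
    }
    // The access decision: the id in the channel name must be the caller's own.
    // Compared as strings so "012" or an oversized number never matches.
    if ($m[1] !== (string) $userId) {
        return [403, 'Forbidden'];
    }
    // Token = app key + HMAC-SHA256 over "socket_id:channel_name" with the secret.
    $signature = hash_hmac('sha256', $socketId . ':' . $channel, APP_SECRET);
    return [200, json_encode(['auth' => APP_KEY . ':' . $signature])];
}

// Constructed sample requests: user 12 is the logged-in user.
$cases = [
    ['1234.5678', 'private-user-12-channel'],    // own channel: signed token
    ['1234.5678', 'private-user-13-channel'],    // someone else's channel: 403
    ['not-a-socket', 'private-user-12-channel'], // malformed socket_id: 400
];
foreach ($cases as [$socketId, $channel]) {
    [$status, $body] = pusherAuth(12, $socketId, $channel);
    echo "$channel ($socketId) -> $status $body\n";
}
```

The endpoint is never consulted for a channel without the private- prefix, so the signature and the ownership check only take effect once the channel is renamed as the answer describes.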